Non backwards compatibility of OAuth Authorization Code token for Chatbot API

igor.torq · May 8, 2023, 7:08pm

API Endpoint(s) and/or Zoom API Event(s)
Chatbot Send Message API
Get User’s Profile

Description
Our app generated an OAuth’s Authorization Code flow token which served us well for all of Zoom’s APIs, including sending a chatbot message, getting user’s profile, listing channels, etc.

In the past all of this used to work with that single generated bearer token, including send a chatbot message.
After quite some time we’ve noticed we can no longer send chatbot messages using said token (getting the “Invalid Authorization Token”, while it works fine with other API endpoints), and in the new documentation we found that it states that we need a different token now, generated using the OAuth Client Credentials, but using the same exact credentials.

A common use case of ours was to send a message to a user via the user’s email, so we would get the user’s JID using the Get User’s Profile API, and then sending the user a chatbot message. It all worked fine. Now, on the other hand, we have to generate both tokens, because we can not use the Get User’s Profile API with the Client Credentials token, and we can not use the Send Chatbot Message API with the Authorization Code token.

Note that the Authorization Code token is a superset of the Client Credentials.

Since we are supporting both our own Zoom app and our clients’ Zoom apps to which they can integrate with on the fly, we’ll have to change quite a lot in our system to support this change.

We wanted to know:

Why was this change made? Because Chatbot API definitely supported the Authorization Code token in the past.
Is there a workaround? Perhaps a different API we can use with the Authorization Code token to send chatbot messages? Or a way to access the other APIs with the Client Credentials token?

Error?

{"code": 7010,"message":"Invalid authorization token.","result":false}

How To Reproduce
Steps to reproduce the behavior:

curl -XPOST https://api.zoom.us/v2/im/chat/messages \
  -H "Authorization: Bearer <OAuth Authorization Code token>" \
  -H "Content-Type: application/json" \
  -d '{"account_id":"<account_id>","content":{"head":{"text":"test123"}},"robot_jid":"<bot JID>","to_jid":"<user JID>","user_jid":"<user JID>"}'

gianni.zoom · May 8, 2023, 11:14pm

Hi @igor.torq ,

These credentials are from an OAuth app or Chat app?

If you’re using OAuth app credentials, there may have been a misstep. Please use the Chat app credentials. Additionally, I may be mistaken, but based on the following:

Igor :

curl -XPOST https://api.zoom.us/v2/im/chat/messages \
  -H "Authorization: Bearer <OAuth Authorization Code token>" \
  -H "Content-Type: application/json" \
  -d '{"account_id":"<account_id>","content":{"head":{"text":"test123"}},"robot_jid":"<bot JID>","to_jid":"<user JID>","user_jid":"<user JID>"}'

We do not supply the authorization code we get fro, authorizing our Chat app to the API endpoints. We apply the authorization code to the request body parameters when requesting and access_token from https://zoom.us/oauth/token.

Then supply that access token to endpoints like //api.zoom.us/v2/im/chat/messages.

To recap, you retrieve the authorization code as described here: Authorization and authentication

Then you supply that code as explained in Step 2: Request access token.

Looking forward to your response.

Topic		Replies	Views
This API only supports oAuth2 for authorization API and Webhooks	2	757	October 11, 2020
Zoom Chatbot response: { code: 7004, message: 'Not authorized.' } API and Webhooks	8	942	October 15, 2021
How to access Zoom API with chat bot? API and Webhooks	2	534	December 19, 2021
Server-to-Server OAuth gets token -> 200: invalid api key or secret Authentication	1	613	December 17, 2022
Chatbot im/chat/messages error API and Webhooks	8	637	May 19, 2023

Non backwards compatibility of OAuth Authorization Code token for Chatbot API

Related Topics